Wednesday, January 27, 2010

Hard Drives Pilfered from BlueCross BlueShield (Chattanooga)

Insurer BlueCross BlueShield officials this week are telling hundreds of thousands of members that somehow a thief managed to steal a total of 57 computer hard drives from a closet at a Chattanooga, Tenn. call center.

In a statement, BlueCross BlueShield spokeswoman Mary Thompson said that while the data was encoded, it was not encrypted. She said the drives contained more than 1.3 million audio files of recorded conversations between customer service representatives and customers.

The drives also included 300,000 video files from images on customer service reps' computer screens, including Social Security numbers, birth dates, addresses and medical information.

While the bulk of the estimated 220,000 to 500,000 members affected by the data breach are Tennessee residents, BlueCross BlueShield said there are at least 500 members from another 32 states who had their data exposed in the heist.
http://www.esecurityplanet.com/features/article.php/3860531/Hard-Drives-Pilfered-from-BlueCross-BlueShield.htm

Drive, Patient Data Go Missing in California Theft
January 15, 2010

More than 15,000 Kaiser Permanente patients in Northern California this week are being notified that their personal information, including birth dates, addresses, phone numbers and medical-record numbers, was exposed last month after an unencrypted external storage drive was stolen from an employee's car.

http://www.esecurityplanet.com/features/article.phpr/3858931/article.htm

MIAOULIS NOTE: These were breaches of physical security. A reminder to us all that it is not just electronic breaches that are covered. Your risk analysis should certainly include a review of physical controls. As always, when reading these stories, ask yourself, "Could it happen here? What controls do we have in place to prevent this?"
